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DETAILED ACTION 

1. This action is responsive to the communication filed on July 12, 2007. 
Claims 1-22 are pending. At this time, claims 1-22 are still rejected. 

Response to Arguments 

2. Applicant's arguments filed July 12, 2007, with respect to 
Election/Restriction have been fully considered and are persuasive. The office action of 
Restriction/Election mailed on June 14, 2007 has been withdrawn. 

Applicant's arguments filed March 21 , 2007 have been fully considered but 
they are not persuasive. 

Applicant argues that: 

Neither Slemmer nor Maufer, invidually or in combination, discloses a 
single device that both bridges and routes incoming packets. They also fail to teach 
that packets should be bridged. 

Examiner disagrees with applicant and still maintain that: 
Slemmer teaches the a system for providing uninterrupted communication 
over a network link includes a multi-port switch (e. g., bridges) that is connected to a 
first network portion and a second network portion that are communicating with one 
another. The multi-port switch is also connected to a separate server unit, such as a 
firewall (e.g., router or gateway) computer. The switch is configured to direct 
communication signals flowing between the first network portion and the second 
network portion through the separate server unit for processing during normal operation. 
When the separate server unit fails, however, the switch is reconfigured so that 
communications bypass the separate server unit. In a preferred embodiment, a 
Ethernet switch having virtual local area network (VLAN) capability is used. Although 
Slemmer teaches a firewall, Slemmer is silent on the capability of showing the source 
address (if indeed is inherently in Slemmer). On the other hand, Maufer teaches the 
source and destination address (column 1, lines 40-62; column 3, lines 60-67 of 
Maufer). In addition, Maufer futher teaches the packets are being routed (see Maufer's 
abstract and column 16, lines 23-31 of Maufer). Thus, the combination of teaching 
between Slemmer and Maufer teaches the claimed subject matter. 
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In response to applicant's argument that the references fail to show certain 
features of applicant's invention, it is noted that the features upon which applicant relies 
(i.e., discloses a single device that both bridges and routes incoming packets) are not 
recited in the rejected claim(s). Although the claims are interpreted in light of the 
specification, limitations from the specification are not read into the claims. See In re 
Van Geuns, 988 F.2d 1 181, 26 USPQ2d 1057 (Fed. Cir. 1993). It appears that 
Applicant has tried to interpret "within the first network" as a single device. It is not true 
that a network is compatible with a single device, since many devices can be in one 
network. 

In response to applicant's argument that there is no suggestion to combine 
the references, the examiner recognizes that obviousness can only be established by 
combining or modifying the teachings of the prior art to produce the claimed invention 
where there is some teaching, suggestion, or motivation to do so found either in the 
references themselves or in the knowledge generally available to one of ordinary skill in 
the art. See In re Fine, 837 F.2d 1071, 5 USPQ2d 1596 (Fed. Cir. 1988)and In re 
Jones, 958 F.2d 347, 21 USPQ2d 1941 (Fed. Cir. 1992). In this case, the combination 
of teaching between Slemmer and Maufer is proper and efficient. 

Slemmer and Maufer do not need to disclose anything over and above the 
invention as claimed in order to render it unpatentable or anticipate. A recitation of the 
intended use of the claimed invention must result in a structural difference between the 
claimed invention and the prior art in order to patentably distinguish the claimed 
invention from the prior art. If the prior art structure is capable of performing the 
intended use, then it meets the claimed limitations. 

For the above reasons, it is believed that the rejections should be 

sustained. 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 

all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
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the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 1-22 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Slemmer (US 6,240,533 B1), and further in view of Maufer et al (US 7,143,188 
B2). 

a. Referring to claim 1: 

i. Slemmer teaches a firewall, comprising: 

(1) a first port configured for communication with a first 
device within a first network (see Figures 4 & 5 and further details on column 4, line 
52 of Slemmer); 

(2) a second port configured for communication with a 
second device within the first network (see Figures 4 & 5 and further details on 
column 4, lines 52-53 of Slemmer); 

(3) a third port configured for communication between the 
first network and a second network (see Figures 4 & 5 and further details on column 
4, lines 51-58 of Slemmer); and 

(4) at least one processor configured to: determine that a 
first portion of the incoming packets should be bridged, the first portion having a first 
source address and a first destination address within the first network (column 4, lines 
7-32 of Slemmer); 

(5) apply a first screening process to the first portion 
(column 4, lines 32-41 of Slemmer); 

(6) determine that a second portion of the incoming 
packets should be routed, the second portion having a second source address or a 
second destination address outside the first network; and apply a second screening 
process to the second portion (column 4, lines 42-67 through column 5, lines 1-10 of 
Slemmer). 

ii. Although Slemmer teaches a firewall, Slemmer is silent on 
the capability of showing the source address (if indeed is inherently in Slemmer). On 
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the other hand, Maufer teaches the source and destination address (column 1, lines 
40-62; column 3, lines 60-67 of Maufer). 

iii. It would have been obvious to a person having ordinary skill 
in the art at the time the invention was made to: 

(1) have modified the invention of Slemmer (if indeed is 
not inherently) with the teaching of Maufer to form a packet (column 3, lines 59-60 of 
Maufer). 

iv. The ordinary skilled person would have been motivated to: 
(1) have modified the invention of Slemmer (if indeed is 

not inherently) with the teaching of Maufer to enhanced security for communication over 
a network, and more particularly to integration of Network Address Translation (NAT) 
with Internet Protocol Security (IPSec) (column 1, lines 8-11 of Maufer). 

b. Referring to claim 2: 

i. Slemmer further teaches: 

(1) wherein the at least one processor is configured to 
control traffic between the first device and the second device according to a spanning 
tree protocol (column 3, lines 54-67 through column 4, lines 1-3 of Slemmer). 

c. Referring to claim 3: 

i. Slemmer further teaches: 

(1) wherein the at least one processor is configured to 
control traffic between the first device and the second device according to one or more 
fields in a layer 2 header of a packet (column 3, lines 54-67 through column 4, lines 
1-3; column 4, lines 30-32 of Slemmer). 

d. Referring to claim 4: 

i. Slemmer teaches: 

(1) wherein the at least one processor is configured to 
perform an initial check on a packet, wherein the procedures of the initial check are 
selected from the group consisting of checking for broadcasting, multicasting and 
Internet protocol fragments (column 4, lines 59-67 through column 5, lines 1-11 of 
Slemmer). 
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e. Referring to claim 5: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the at least one processor is configured to 
apply the first screening process according to security policies implemented at one or 
more of layers 3 through 7 (column 2, lines 45-67 of Maufer). 

f. Referring to claims 6-7: 

i. These claims have limitations that is similar to those of claim 
5, thus they are rejected with the same rationale applied against claim 5 above. 

g. Referring to claim 8: 

i. This claim has limitations that is similar to those of claim 1, 
thus it is rejected with the same rationale applied against claim 1 above. 

h. Referring to claims 9-12: 

i. These claims consist a method of implementing a firewal in 
claim 1, thus they are rejected with the same rationale applied against claims 1, 4-5 
above. 

i. Referring to claims 13-16: 

i. These claims consist a computer program embodied in a 
machine-readable medium, the computer program comprising instructions for controlling 
a firewall to implement claim 1, thus they are rejected with the same rationale applied 
against claims 1 , 4-5 above. 

j. Referring to claim 1 7: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) further comprising a control plane configured to build 
a bridge table (see figures 5A-B and more details in column 3, lines 64-67; column 
5, lines 57-67 through column 6, lines 1-6 of Maufer). 
kj. Referring to claim 18: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 
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(1) wherein the control plane is further configured to 
inspect one or more of DHCP, ARP or OSPF packets (column 1, lines 40-48; column 
7, lines 2-12 of Maufer). 

I. Referring to claim 19: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the control plane is further configured to 
builds a routing table (see figures 5A-B and more details in column 3, lines 64-67; 
column 5, lines 57-67 through column 6, lines 1-6 of Maufer). 
m. Referring to claim 20: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) further comprising a data plane configured to enforce 
screening policies (column 2, lines 45-67 Of Maufer). 
n. Referring to claim 21: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the data plane is further configured to 
determine whether to bridge or route packets (column 6, lines 7-21 of Maufer). 
o. Referring to claim 22: 

i. The combination of teaching between Slemmer and Maufer 
teaches the claimed subject matter. Maufer further teaches: 

(1) wherein the data plane is further configured to rewrite 
packet headers before transmitting packets (column 2, lines 45-67). 

Conclusion 

5. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). 
Applicant is reminded of the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to 
expire THREE MONTHS from the mailing date of this action. In the event a first reply is 
filed within TWO MONTHS of the mailing date of this final action and the advisory action 



Application/Control Number: 10/721,571 
Art Unit: 2135 



Page 8 



is not mailed until after the end of the THREE-MONTH shortened statutory period, then 
the shortened statutory period will expire on the date the advisory action is mailed, and 
any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date 
of the advisory action. In no event, however, will the statutory period for reply expire 
later than SIX MONTHS from the date of this final action. 



communications from the examiner should be directed to Thanhnga (Tanya) Truong 
whose telephone number is 571-272-3858. 



the examiner's supervisor, Kim Vu can be reached at 571-272-3859. The fax and 
phone numbers for the organization where this application or proceeding is assigned is 
571-273-8300. 

Any inquiry of a general nature or relating to the status of this 
application or proceeding should be directed to the receptionist whose telephone 
number is 571-272-2100. 
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